[ https://issues.apache.org/jira/browse/NIFI-149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14523134#comment-14523134 ]

Matt Gilman commented on NIFI-149:
----------------------------------

+1 Looks good. Though I would make a couple small changes...

- Admin users can also purge history (where that is explained, that sentence is 
missing a period).
- I wouldn't advertise the fact that the application can run on both http and 
https connectors simultaneously. This only works in standalone mode. It is not 
possible to run on both connectors when clustered. Due to this inconsistency it 
would probably be better to guard against this rather than provide partial 
support IMO. It would also significantly simplify the introduction of WANT 
client auth as we would only need to manage one anonymous user (not one for 
anonymous http access which is given full permissions and one for anonymous 
https access which will be limited according to the configuration).

> create secure configuration guide for the web page
> --------------------------------------------------
>
>                 Key: NIFI-149
>                 URL: https://issues.apache.org/jira/browse/NIFI-149
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Documentation & Website
>            Reporter: Tony Kurc
>            Assignee: Mark Payne
>              Labels: security, web-site
>             Fix For: 0.1.0
>
>         Attachments: 
> 0001-NIFI-149-Added-information-to-Administration-Guide-f.patch
>
>
> create a guide for locking down the application for production use. ideally 
> this would include how to create 'accounts', how to assign those accounts 
> 'roles', and how to configure the application to disallow use from users who 
> don't have accounts or roles.


